To facilitate data entry, I have allowed the user to upload a html file that holds the text of the article. I save the contents of this file in a variable and then try to save that to the database.
The problem is that the variable holding the html file contents has quotes, double quotes, etc., and this causes the INSERT statement to with the message:
"You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 's issue of Straightway gave a preliminary background concerning"
My SQL statement is:
The $contents variable holds the HTML file contents that the user uploads. Of course, I can echo and it looks just fine in the browser. It is saving it to the database where the problem arises.$sqlInsert = "INSERT INTO tblArticles (ArticleID, Title, Text, Author, Volume, Issue, Date, AuditDate, AuditUser) VALUES ('''','$Title', '$contents', '$Author', '$Volume', '$Issue', '$Date', now(), '$user')";
Is there a way to get around this problem?
Thanks for the help.